We just finished switching to fixed versions for our maven dependencies. We don't depend on -SNAPSHOT anywhere anymore. Future builds will be reproducible by checking out the corresponding commit (marked by a git tag) and running maven. The specific versions of the dependencies are also included in our debian and .zip packages (in the names of the jar files in lib/).
Updating the dependency versions is currently done manually by editing pom.xml. In order to catch problems as soon as they are introduced we want to keep all versions updated. Please consider updating all dependent projects after an update to a dependency.
In order to switch back to using a -SNAPSHOT for a particular dependency (e.g. while developing), edit pom.xml and replace the version: